News

New card from Oberthur changes up CVC... literally

Oberthur Technologies says that it has developed a solution to card-not-present fraud — a payment card that generates a dynamic card verification code.

October 9, 2014

Accepted wisdom (and statistical data) says that as EMV reduces the profitability of fraud at the ATM, criminals will turn instead to card-not present thievery. The European Central Bank reported that in 2012, CNP payments accounted for 60 percent of the value of total card fraud in Europe, where EMV is well established.

In a press release, digital security solutions provider Oberthur Technologies announced that it has developed a solution to CNP fraud — the first payment card integrating dynamic card verification value/code technology online transactions.

CVV and CVC refer to the three- or four-digit number usually printed on the back of a payment card.

The new OT card replaces the printed code with a mini-screen displaying a digital code that is automatically refreshed according to an algorithm loaded onto a chip in the card.

Refresh timing is defined by the card issuer — for instance, each hour. As a result, stolen card information, including the dCVV/dCVC, immediately loses any value for fraudsters who resell card data on "dark" websites.

To generate the code, the issuer must use a specific server in tandem with the payment cards. The server is synchronized with the code-generating algorithm and the issuer's defined refresh rules.

Accepting merchants need not make any complicated changes — the dCVV/dCVC entered by the cardholder operates in the same way as a standard CVV/CVC security code in a transaction.

The dCVV/dCVC technology was developed by NagraID Security, a display card company that OT acquired last month, the release said.